"Perry E.Metzger" wrote:

> ...
> The problem in security is not that we don't have crypto technologies
> that are good enough -- our algorithms are fine. Our real problem is
> in much more practical things like getting our software to high enough
> assurance levels, architectural flaws in our systems, etc.
> Thus, Quantum Crypto ends up being a very high priced way to solve
> problems that we don't have.

Well, one of our real problems is that in order to protect a system we need
to introduce targets in addition to the system's resources (the original targets)
that can come under attack, which additional targets increase complexity,
overhead and we cannot protect with 100% efficiency. Thus, paradoxically,
adding controls adds weakenesses.

For example, if we add a password list and an ACL to control access we
are adding targets -- that can be (and are) attacked. Another example is
the software itself, needed to control the access.

Quantum cryptography's promise is to solve this real problem by eliminating
some additional targets when compared to a conventional system.

The same, however, can be done without QC and that is, IMO, one of the
directions we need more work on. How can we reduce the number of additional
targets -- QC or not? This approach can provide provable benefits by directly
reducing the total number of targets. You can't attack a target that does not exist.

Ed Gerck

The Cryptography Mailing List
Unsubscribe by sending "unsubscribe cryptography" to [EMAIL PROTECTED]

Reply via email to